Windows IoT Security
Jackie Chang, Sr. Program Manager
Security goals for data and control
- At rest: physical access to a device does not give access to its data.
- During execution: the data owner keeps full control over how the data is processed.
- In motion: transport of data between endpoints and devices is secured.
IoT protection stack
- Device protection: Trusted Platform Module (TPM), Windows Device Health Attestation, Secure Boot, BitLocker
- Threat resistance: Windows as a Service, Device Guard, Windows Firewall, Windows Defender*
- Data protection in motion: X.509/TLS-based handshake and encryption, encryption at rest
- Cloud security: Azure Active Directory, Key Vault, policy-based access control, IP-based blocking, secure device registration
- Response: device management, device recovery, device-specific repudiation, standards-based best practices
* Only available on Windows IoT Enterprise
Layers of the stack: Hardware, Software, Device, Data & Control, Security Services
Windows IoT security properties (the example is based on an i.MX6 processor running Windows IoT)
- Hardware root of trust: supports strong device identities.
- Defense in depth: several layers of defense, including Device Guard and UWP Appx containerization.
- Small trusted computing base: TrustZone is used for critical processing such as the fTPM.
- Dynamic compartments: UWP apps run in their own contexts; Windows is built in a compartmentalized way.
- Certificate-based authentication: certificate (key) protected code execution through Device Guard.
- Failure reporting: different levels of failure reporting for hardware, OS and apps are available via Watson through OEM portals.
- Renewable security: proven and scalable update infrastructure through Windows Update and Device Update Center.
Device attestation and provisioning
- Device attestation answers: can I trust the device with my assets? The device presents a security claim; the attestation service returns proof of device health.
- Provisioning answers: who has access to my assets? Device identity and health feed the provisioning service, which applies policy.
- Outcome: a trusted device ("I can trust the device with my assets") under the owner's control ("I am in control of the device").
Protect, detect, remediate
- Protect: protect data where it is, at rest, in motion and during execution, using a TEE, Secure Boot and related features; establish trust through attestation and provisioning.
- Detect: Device Health Attestation assesses trusted and compliant state; Azure Security Center provides cloud-powered, behavioral-based breach detection, a threat intelligence knowledge base, forensic investigation and mitigation capabilities, and actionable information.
- Remediate: security bulletins and fixes; Device Update Center with scalable device staging; device management that scales from low-end devices to the enterprise, cloud and on-premises.
Build Secure Devices with Windows
Device platform security is built into Windows
- Secure applications through UWP
- Health attestation and provisioning
- Data protection at rest: volume encryption and hardware-backed key storage (BitLocker, TPM)
- Secure execution: Device Guard, Secure Boot
- Threat mitigation
- Device update and management
- Turn-key security and manufacturing tools
Service offerings
- Windows 10 IoT Core Services: 10-year LTSC support, Device Health Attestation, update management via Device Update Center (DUC)
- Azure Security Center
- Windows 10 Enterprise license
Windows IoT security promise: Windows IoT provides the best endpoint security to protect your data at rest, in motion and during execution. Windows IoT devices are built with security in mind, and security does not get in the way of your development, deployment and operation.
IoT security offering
Protect (core hardware and platform)
- Malware resistance with Secure Boot
- Keys secured in the TPM
- Information protection for data at rest with BitLocker
- Execution control via Device Guard for IoT
- Security updates
Detect (device attestation; Windows Defender ATP*)
- Security-related data points validated by the remote Health Attestation Service
- Measured-boot data, protected by the TPM, sent to the service for verification
- Conditional access to sensitive assets based on the device health assessment
- Advanced Threat Protection: cloud-powered, behavioral-based, post-breach detection
- Anomaly detection combined with the Microsoft threat intelligence knowledge base
- Forensic investigation and mitigation capabilities
Remediate (recovery and device management)
- Remediate the affected device via device management (e.g. re-flash the device)
- Device update
* Roadmap
Protection features: volume encryption with TPM-protected keys (BitLocker); Device Guard; Secure Boot
Detection
Device Health Attestation (DHA)
Remote attestation based on hardware-measured and attested data. DHA enables IT administrators to monitor the security posture of managed devices remotely, using hardware (TPM) protected and attested data exchanged over a tamper-resistant and tamper-evident communication channel.
Flow between the DHA-enabled device, device management and the DHA service:
1. Device management requests health data from the device.
2. The device responds with a signed health data blob ("Access please; here is my health attestation").
3. The exchange uses a tamper-resistant, tamper-evident communication channel.
4. Device management asks the DHA service to verify the health data.
5. The DHA service responds with a health report; device management applies client policies (AV, firewall, state).
Reference: https://docs.microsoft.com/en-us/windows/client-management/mdm/healthattestation-csp
Creating attestable trust: can I trust that the device provides the right information about its hardware and software?
Example boot chain on an i.MX6 SoC: Boot-ROM, SPL (in OCRAM, with a mutable seed), OP-TEE, U-Boot and UEFI each act as a CA for the stage they load; UEFI hands off to Bootmgr/Winload/Ntoskrnl with Measured Boot and BitLocker. The normal-world OS is low integrity with low-integrity I/O; the TrustZone kernel and user side (hosting the fTPM, the IoT Edge Secure Runtime and other agents) have high-integrity I/O.
- The root of trust is established by the SoC manufacturer or the OEM.
- Each component issues a certificate for the component it loads, including measurements.
- ECC keys are generated using the previous component's key as seed.
- A component certificate contains the measurement of the binary, the public key for this component, and the chain up to the previous certificate.
- The certificate chains (Device/SPL, OP-TEE, U-Boot, UEFI, Secure Runtime, agent, OS) are provided to the attestation service.
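The slide above describes what makes a device's claims attestable: each stage certifies the stage it loads, keys are derived from the previous stage's key, and the attestation service checks the certificate chains. The Go program below is an added example written for this page (it is not Microsoft's code, not Windows IoT or i.MX6 firmware) that simulates that chain in software: a DICE-style derivation in which each stage's secret is HMAC(previous secret, measurement), a P-256 key derived from that secret, and an X.509 certificate issued by the loading stage that records the loaded stage's measurement. Attest plays the attestation service: it verifies the chain up to the provisioned root and only then compares every recorded measurement with the golden images. Assumptions: the stage names and images are constructed test data, the "SoC secret" is a constructed byte string standing in for a vendor-fused seed, and the measurement is carried in the SubjectKeyId field for brevity rather than in a dedicated extension. DHA's freshness nonce and TPM quoting are not modeled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Stage is one boot component; the stage before it measures Image before loading it.
type Stage struct {
	Name  string
	Image []byte
}

// keyFromSeed maps a secret to a deterministic P-256 key, so a stage's identity key
// depends on everything measured before it ran (DICE-style layered identity).
func keyFromSeed(seed []byte) *ecdsa.PrivateKey {
	curve := elliptic.P256()
	d := new(big.Int).SetBytes(seed)
	d.Add(d.Mod(d, new(big.Int).Sub(curve.Params().N, big.NewInt(1))), big.NewInt(1)) // clamp to [1, N-1]
	x, y := curve.ScalarBaseMult(d.FillBytes(make([]byte, 32)))
	return &ecdsa.PrivateKey{PublicKey: ecdsa.PublicKey{Curve: curve, X: x, Y: y}, D: d}
}

// issue: the loading stage (signer) certifies the loaded stage's key and records its
// measurement in SubjectKeyId (simplification). parent == nil yields the self-signed root.
func issue(name string, meas []byte, subj *ecdsa.PrivateKey, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	sn, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	t := &x509.Certificate{SerialNumber: sn, Subject: pkix.Name{CommonName: name}, SubjectKeyId: meas,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature}
	if parent == nil {
		parent = t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &subj.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Boot: the SoC/OEM root certifies the first stage and each stage certifies the next;
// each stage's secret is HMAC(previous secret, its measurement). Returns root and chain.
func Boot(rootSeed []byte, stages []Stage) (*x509.Certificate, []*x509.Certificate, error) {
	rootKey := keyFromSeed(rootSeed)
	root, err := issue("SoC root of trust", nil, rootKey, nil, rootKey)
	if err != nil {
		return nil, nil, err
	}
	seed, signer, parent, chain := rootSeed, rootKey, root, []*x509.Certificate{}
	for _, s := range stages {
		m := sha256.Sum256(s.Image)
		h := hmac.New(sha256.New, seed)
		h.Write(m[:])
		seed = h.Sum(nil)
		key := keyFromSeed(seed)
		if parent, err = issue(s.Name, m[:], key, parent, signer); err != nil {
			return nil, nil, err
		}
		chain, signer = append(chain, parent), key
	}
	return root, chain, nil
}

// Attest is the service side: the chain must verify up to the provisioned root, then every
// recorded measurement must match a golden image. A valid chain with a wrong measurement
// means the device booted the wrong code; it is not a forgery, and policy decides.
func Attest(root *x509.Certificate, chain []*x509.Certificate, golden []Stage) error {
	if len(chain) == 0 {
		return fmt.Errorf("empty certificate chain")
	}
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range chain[:len(chain)-1] {
		inters.AddCert(c)
	}
	opts := x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := chain[len(chain)-1].Verify(opts); err != nil {
		return fmt.Errorf("chain does not lead to the root of trust: %w", err)
	}
	allowed := map[string][32]byte{}
	for _, s := range golden {
		allowed[s.Name] = sha256.Sum256(s.Image)
	}
	for _, c := range chain { // signatures hold; now judge what the chain recorded
		if want, ok := allowed[c.Subject.CommonName]; !ok || !hmac.Equal(c.SubjectKeyId, want[:]) {
			return fmt.Errorf("%s: measurement %x not in policy", c.Subject.CommonName, c.SubjectKeyId)
		}
	}
	return nil
}

func main() {
	secret := []byte("constructed 32-byte SoC secret!!") // assumption: stands in for a vendor-fused seed
	golden := []Stage{{"SPL", []byte("spl v1")}, {"OP-TEE", []byte("optee v1")}, {"UEFI", []byte("uefi v1")}}
	for _, stages := range [][]Stage{golden, {golden[0], {"OP-TEE", []byte("optee with implant")}, golden[2]}} {
		root, chain, _ := Boot(secret, stages)
		fmt.Println(Attest(root, chain, golden)) // <nil> for the golden boot; an error naming OP-TEE for the tampered one
	}
}
```

Two failure modes are worth separating when reading the output. A tampered OP-TEE image produces a chain that still verifies cryptographically, because the SPL that measured it was genuine; only the measurement comparison rejects it. Golden images booted on a device with a different root secret produce a chain that fails at Verify, because nothing in it is signed by the provisioned root. The real DHA flow adds a fresh nonce per request so that a captured, previously valid blob cannot be replayed.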
Advanced Threat Protection for IoT devices
Early threat detection is critical to limit the impact on device operation. WDATP is available for Windows 10 Enterprise and Server.
- Advanced Threat Protection: cloud-powered, behavioral-based, post-breach detection
- Anomaly detection combined with the Microsoft threat intelligence knowledge base
- Forensic investigation and automated mitigation capabilities
PCs have a broader attack surface because they are open platforms with user-initiated entry points (email, social media); these apply only in limited form to IoT solutions. Windows IoT devices are locked down, purpose-built devices with limited, well-defined user interaction. Their attack surface: zero-day exploits, communication protocol attacks and misconfiguration.
Remediation
Windows Update
Connected devices face new security threats; updates are an essential tool to address them.
- Keeps devices up to date with critical security software updates
- Uses Microsoft's proven and scalable infrastructure
- Updates can be managed and controlled by device owners
- Easy management via Device Update Center
Introducing Windows 10 IoT Core Services: commercialize your project with enterprise-grade security and support
Updates
- Take control of Windows updates with the cloud-based IoT Core Device Update Center (DUC)
- Manage updates for OS, apps, settings and OEM-specific files from the cloud
- Distributed over the same global CDN used by Windows Update
Security
- Help ensure the safety of your network and devices with cloud-based Device Health Attestation (DHA)
- Backed by the same security research team and validation process used by 700M Windows 10 devices
- Leverages hardware and cloud services to provide tamper proofing and remote attestation of device health
Support
- Count on stable systems with 10 years of LTSC (Long Term Servicing Channel) support with security updates only (no new features)
- Official Microsoft Lifecycle Support statement, linked to the software license agreement
- Access to monthly published Windows IoT Core packages for building fully patched images with OEM tools
Privacy: GDPR
Our commitment: Windows 10 IoT platforms are GDPR compliant. Together with our partners, we are prepared to help you meet your policy, people, process and technology goals to align with GDPR. View Microsoft GDPR compliance at www.microsoft.com/gdpr
Security on Azure IoT Edge
Azure IoT Edge device security promises: what is the maximum protection you can expect if the device falls into the wrong hands? The Azure IoT Edge Security Manager is shown in three configurations, including on an HSM secure element and on an HSM secure enclave.
Azure IoT Edge security with enclaves (public preview): enabling the Open Enclave SDK for the intelligent edge and simplifying the development of trusted applications across operating systems and hardware platforms.
Extensible enclave model
- Foundation TA: PKI-based identity and authentication, certificate store, crypto libraries
- TA extensions: metering, trusted I/O, secure logging, edge module custom sensitive logic, etc.
- Runs on the HSM secure enclave underneath the Azure IoT Edge Security Manager
Windows IoT Editions
Windows 10 IoT editions: Windows 10 IoT Core and Windows 10 IoT Enterprise. Microsoft is releasing a new Windows 10 IoT Core Services offering with 10 years of support (LTSC).
What's new?
- IoT Core: brand-new offering with Windows 10 IoT Core Services
- IoT Enterprise: RS5 LTSC, cumulative release since RS1
- New value provided through Windows 10 IoT Core Services
What's my purchase model?
- IoT Core: subscription fee*
- IoT Enterprise: stable LTSC with RS2 to RS5 features
- New sales opportunity and broader services attach motion
Availability and support?
- IoT Core: 10 years of distribution and support fixes
- IoT Enterprise: 10 years of distribution and support fixes